How to create correct .keystore for NXP iMX8QM AAOS12?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to create correct .keystore for NXP iMX8QM AAOS12?

1,998 Views
rampe
Contributor I
Could you hint how to create .keystore properly? I tried using platform.pk8 and .x509.pem files from  nxp/android_build/build/make/target/product/security like below
 
  • openssl pkcs8 -inform DER -nocrypt -in platform.pk8 -out nxpimx8qmaaos12-platform.key
  • openssl pkcs12 -export -in platform.x509.pem -inkey nxpimx8qmaaos12-platform.key -name nxpimx8qmaaos12-platform -out nxpimx8qmaaos12-platform.pem -password pass:password
  • ../../../../../prebuilts/jdk/jdk11/linux-x86/bin/keytool -importkeystore -destkeystore nxpimx8qmaaos12-platform.keystore -deststorepass password -srckeystore nxpimx8qmaaos12-platform.pem -srcstoretype PKCS12 -srcstorepass password
 
But when release.apk is signed with jarsigner or apksigner and app is deployed over ADP we get an error in app startup: "The app is not signed with a valid platform signature. The Car API back end cannot work with an unsigned app."
 
 
0 Kudos
Reply
10 Replies

1,774 Views
zdenek_zadera
NXP Employee
NXP Employee

Hello @rampe ,

In NXP Android release, there are created keys/certs in “device/nxp/common/security/” (platform.pk8 and platform.x509.pem). Are you using keys from this location?

The apksinger tool supports signing APKs with keystore file or with the private key file and certificate file separately. Below are some useful links may be helpful:

  1. Convert x509.pem and pk8 file to keystore: https://stackoverflow.com/questions/39657812/how-to-import-x509-pem-pk8-file-into-jks-keystore
  2. apksigner usage: https://developer.android.com/studio/command-line/apksigner
  3. some basic concept about app-signing: https://developer.android.com/studio/publish/app-signing

Best Regards,

Zdenek

0 Kudos
Reply

1,782 Views
zdenek_zadera
NXP Employee
NXP Employee

Hello @rampe ,

I have created internal question to our developers how to proceed correctly with your case.

Zdenek

0 Kudos
Reply

1,847 Views
rampe
Contributor I

For example this one had been used

./apksigner sign --append-signature --ks /home/rami/dev/docs/outruntonxp/nxpimx8qmaaos12-platform.keystore /home/username/dev/docs/outruntonxp/wow/build-Outrun_IVI-Android_Qt_6_4_0_Clang_arm64_v8a-Debug/android-build/build/outputs/apk/release/android-build-release-signed.apk

 

0 Kudos
Reply

1,852 Views
rampe
Contributor I

For example one that was tried

./apksigner sign --append-signature --ks /home/username/dev/docs/outruntonxp/nxpimx8qmaaos12-platform.keystore /home/rami/dev/docs/outruntonxp/wow/build-Outrun_IVI-Android_Qt_6_4_0_Clang_arm64_v8a-Debug/android-build/build/outputs/apk/release/android-build-release-signed.apk

0 Kudos
Reply

1,909 Views
rampe
Contributor I

..../build-tools/33.0.0/apksigner sign --append-signature --ks .../platform.keystore ..../android-build/build/outputs/apk/release/android-build-release-signed.apk

0 Kudos
Reply

1,910 Views
rampe
Contributor I

build-tools/33.0.0/apksigner sign --append-signature --ks ../platform.keystore ./android-build/build/outputs/apk/release/android-build-release-signed.apk

0 Kudos
Reply

1,974 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi 

Can you try the pkcs11?

0 Kudos
Reply

1,966 Views
rampe
Contributor I

openssl accepts only pkcs7, pkcs8 and pkcs12.

What would be the proper keytool command? Following does not seem to work

keytool -keystore NONE -storetype PKCS11 -list
keytool error: java.security.KeyStoreException: PKCS11 not found

0 Kudos
Reply

1,957 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi @rampe 

Can you also share the apksigner command you use?

0 Kudos
Reply

1,843 Views
rampe
Contributor I

For example this had been used

./apksigner sign --append-signature --ks /home/rami/dev/docs/outruntonxp/nxpimx8qmaaos12-platform.keystore /home/uname/dev/docs/outruntonxp/wow/build-Outrun_IVI-Android_Qt_6_4_0_Clang_arm64_v8a-Debug/android-build/build/outputs/apk/release/android-build-release-signed.apk

0 Kudos
Reply